Bug 77460
Summary: | Security breach - Root password can be changed by normal user | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | Frank Weber <fcw2002> |
Component: | gnome-desktop | Assignee: | Mark McLoughlin <markmc> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 8.0 | Keywords: | Security |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2002-12-14 02:55:34 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Frank Weber
2002-11-07 14:18:51 UTC
You have to type the current root password first, though. Note that if you authenticate for one of the "system settings" items the authentication will be remembered for a few minutes, so you can run any of the other items. The panel "notification area" should display an icon while you are authenticated. You can run "pam_timestamp_check -k root" or click the icon to drop the authentication. See "man pam_timestamp" and "man pam_timestamp_check" Please confirm that you are asked to type the current root password, unless authentication is currently timestamped. assuming NOTABUG |